[AusNOG] 10G routing

Ben ben at meh.net.nz
Sat Feb 8 09:37:13 EST 2014


On Fri, Feb 07, 2014 at 02:25:25AM +0000, Alex Samad - Yieldbroker wrote:
> Hi
> 
> Q)  am I being unrealistic to think I should be able to get 10Gb/s routing/firewall in a vm? (or cheap hardware solution)

use vt-d to pass through the pci-e devices to the virtual machine.  make sure you're using a modern cpu, and that you have at
a bare minimum pci-e 2 x4 bandwidth.  
 
> I know there are very expensive Big name boxes out there, but I am wondering what other people are thinking / using.  I guess I am not thinking core telco stuff but more for business end user.
> 
> I have had a bit of a test of the current soft routers and love interfaces, love the price (not so much the brocade vr5400..) 
> 
> Did some testing of a home built centos 6.5 box  I was able to get up to  8Gb/s  routed and firewall rules in place, but writing a system to manage it I have better things to do :)
> 
> My general feel currently is they are not ready yet, trying to get up over 1Gb/s was rather hard..  General feel on yvos was it should work out of the box ...

i think it's different if you're trying to get more than a gigabit versus maxing out 10 gigabit.  like say you were fine with 2 to 4 gigabit with
some peaks of higher bandwidth then software would be ok.  You may want to do netflow or such, and some ddos mitigation if you have 10 gigabit
upstream without quick ddos protection.

irrespective of the platform for software routers often it's state overload that bites you first with high traffic volumes which may not be so
noticeable in casual testing.

if you're using a dual cpu machine you also want to look into numa affinity - basically on modern cpus the pci-e comes directly from the cpu
and you want that same cpu to deal with the data, rather than using the interlink between cpus.  

Ben.
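
The PCIe bandwidth floor and the NUMA locality point in the reply above can both be read from Linux sysfs. The script below is an added example, not part of the original post; the function name `nic_pcie_numa`, its optional sysfs-root argument, and the reading of "pci-e 2 x4" as a raw 20 GT/s (speed times lanes) floor are assumptions of this example.

```shell
#!/bin/sh
# Added example: report which NUMA node and CPUs are local to a NIC, and
# whether its negotiated PCIe link is at least PCIe 2.0 x4 equivalent.
# The second argument (sysfs root, default /sys) is an assumption of this
# example so the function can be pointed at a constructed tree.

nic_pcie_numa() {
    iface=$1
    sysroot=${2:-/sys}
    dev="$sysroot/class/net/$iface/device"
    [ -d "$dev" ] || { echo "no PCI device for $iface" >&2; return 2; }

    # numa_node is -1 when the platform reports no locality
    node=$(cat "$dev/numa_node" 2>/dev/null || echo -1)
    # CPUs attached to the same node as the device; pin IRQs/queues here
    cpus=$(cat "$dev/local_cpulist" 2>/dev/null || echo unknown)
    # current_link_speed reads like "5 GT/s" or "5.0 GT/s PCIe"; keep the number
    speed=$(sed 's/ .*//' "$dev/current_link_speed" 2>/dev/null || echo 0)
    width=$(cat "$dev/current_link_width" 2>/dev/null || echo 0)

    # PCIe 2.0 x4 = 5 GT/s on 4 lanes = 20 GT/s raw; use that product as the floor
    ok=$(awk -v s="$speed" -v w="$width" \
        'BEGIN { if (s * w >= 20) print "yes"; else print "no" }')

    echo "iface=$iface numa_node=$node local_cpus=$cpus link=${speed}GT/s_x$width min_pcie2_x4=$ok"
    [ "$ok" = yes ]
}

# Stand-alone use: ./script.sh eth0
if [ $# -gt 0 ]; then
    nic_pcie_numa "$@"
fi
```

The function returns 0 when the link meets the floor, 1 when it does not, and 2 when the interface has no PCI device directory (for example a virtual interface).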

